<% from invirt.config import structs as cfg hostname = cfg.web.hostname errmail = cfg.web.errormail tracuri = cfg.trac.uri %> Listen 442 Listen 446 <%def name="invirt_webinterface()"> DocumentRoot /var/www/invirt-web Options Indexes FollowSymLinks MultiViews ExecCGI AllowOverride None Order allow,deny allow from all ${caller.body()} RewriteEngine On RewriteRule ^/favicon.ico - [L] RewriteRule ^/static(.*) - [L] RewriteRule ^/overlord/static(.*) /static/$1 [L] RewriteRule ^/admin/static(.*) /static/$1 [L] RewriteRule ^/trac(.*) ${tracuri}$1 [R,L] RewriteRule ^/(.*) /var/www/invirt-web/auth.fcgi/$1 [L] RewriteLog /var/log/apache2/rewrite.log RewriteLogLevel 0 ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/ssl_access.log combined ServerSignature On SSLEngine on SSLCertificateFile ssl/server.crt SSLCertificateChainFile ssl/server.crt SSLCertificateKeyFile ssl/server.key SSLCACertificateFile /etc/ssl/certs/mitCAclient.pem SSLVerifyDepth 10 SSLOptions +StdEnvVars SSLProtocol all -SSLv2 SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 Redirect /wiki ${tracuri} ServerAdmin ${errmail} ServerName ${hostname}:443 <%call expr="invirt_webinterface()"> Require valid-user AuthType SSLCert AuthSSLCertVar SSL_CLIENT_S_DN_Email AuthSSLCertStripSuffix "@MIT.EDU" SSLVerifyClient require ServerAdmin ${errmail} ServerName ${hostname}:442 <%call expr="invirt_webinterface()"> Require valid-user AuthType Kerberos KrbMethodNegotiate on KrbMethodK5Passwd off KrbAuthoritative off KrbAuthRealms ${cfg.kerberos.realm} Krb5Keytab /etc/invirt/keytab KrbSaveCredentials off SSLVerifyClient optional ServerAdmin ${errmail} ServerName ${hostname}:446 DocumentRoot /var/www/invirt-web Options Indexes FollowSymLinks MultiViews ExecCGI AllowOverride None Order allow,deny allow from all ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/ssl_nocert_access.log combined ServerSignature On SSLEngine on SSLCertificateFile ssl/server.crt SSLCertificateChainFile ssl/server.crt SSLCertificateKeyFile ssl/server.key SSLVerifyClient none SSLOptions +StdEnvVars SSLProtocol all -SSLv2 SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0